by nickysielicki 4099 days ago
We (speaking as a netizen) need Usenet 2.0; eg: something that can fulfill the role of reddit that is decentralized/distributed. Perhaps reddit can even transition into being a reader (a la google reader) for people that don't want to set up their own node.

I'm not saying that drug discussion is the quintessential act that deserves to be protected, but I am worried that the government has such an easy avenue to get this information. What happens when it's something far more political? What happens when they serve a gag order alongside their subpoena? What happens when the people talking aren't technically inclined, and don't use Tor? (By the way, I would bet these people were using Tor and this subpoena is useless.)

15 comments

Well, Usenet 1.0 was decentralised, and people need to think about the disadvantages. In the early 2000s well over 50% of the traffic was spam cancels. A forum without an "owner" who can delete posts and effectively ban spammers and "abuse" will promptly be filled with spam and abuse.

The issue of "abuse" which is harmful to people other than users of the forum should also be considered carefully.

I remember usenet becoming basically unreadable from the spam and abuse (both commercial and otherwise, everybody's favorite nazi weev did a lot to kill usenet back in the day)
I don't remember weev from any Usenet groups I used. I do remember hipcrime sporges.
he was in the gnaa
Yes, I know. I don't remember them from any Usenet groups I used.

Hipcrime destroyed many groups until people worked out how to filter the sporges; snuh made a lot of noise across a wide range of groups but didn't have much effect; Meow army disrupted many groups; and obviously alt.syntax.tactical

The fact that snuh were more disruptive than gnaa is telling because snuh just wasn't very disruptive.

Do you have some search terms?

GNAA was the /. era, friend. Usenet was Eternal Septembered by then.
>> Perhaps reddit can even transition into being a reader (a la google reader) for people that don't want to set up their own node.

>The issue of "abuse" which is harmful to people other than users of the forum should also be considered carefully.

If you think of always accessing the information through a "reader" rather than in raw form, then effectively the reader mods can delete and remove spam - users could subscribe to a reader, or several readers that can give different views of the same information - but also would have the choice not to do so.

In which case you would get people with different views of what's going on - some people could see some articles but not others. Confusion would then be a problem - it's one we already have on forums that allow editing or deletion of commentary.
This is a pretty common argument, I see it a lot when someone suggests forums should let people delete posts. There's always someone saying it makes the forum impossible to read.

Well, if there's one thing we know from 10 years of reddit it's that people being able to delete content and usernames completely has negligible impact on readability.

Similarly, with 20 years of experience with ignore lists, I can confidently say that what small amounts of confusion might occasionally be generated from my ignore list being different to yours are well offset by the benefits of us being able to choose who we don't want to interact with.

Web of trust-based spam filtering takes some effort to use, but is a workable solution.
WoT is pointless when people can manufacture identities that trust each other and build a fake trust score for an id used to spam or whatever.
WoT can't be effectively spammed, unless those spam accounts are trusted by people you trust. The spam accounts can vouch for each other all they want (a la Twitter), but you control whose trust you value.
I was thinking about this the other day. From an information perspective, it shouldn't be impossible to design the system you describe (including the implied nuances) because spam usage patterns do and must look different than normal usage patterns under any system that penalizes new accounts.

Hypothetically, the worst you could do would be astroturf. (aka the US/Chinese military style "slightly biased posts from a large number of centrally controlled but seemingly unrelated accounts")

However, the idea of slight bias over longer periods is somewhat antithetical to the idea of a spam. In that it might influence you to buy Sparkle towels (honestly, with Amazon prices that low and shipping that easy... [meta :p]) over a competitor, but isn't going to convince you to navigate to {insert sketch get-rich-quick spam scheme here}.

Weeding out astroturf is an entirely more interesting problem though...

Yeah, that's the problem. Unless I personally build a trust score for every member in the web, all I can do is rely on a score based on friend-of-friend rankings. Eventually a friend and I will disagree on a friend-of-friend ranking. Do I lower the trust of the friend, or the friend-of-friend? Is that even possible? And if it is, how much time do I really want to spend pruning the web?

Good example: I want to see everything my Aunt Susan is doing in her personal life on Facebook. I do not want to see anything ever for any reason that has to do with her Zynga games.

A single trust score doesn't really encapsulate that relationship and it's very possible she would effectively breach the WoT by allowing Zynga to send me messages, notices or e-mail in exchange for her to get a shiny new Farmville tractor or something.

I stopped using Facebook because of this kind of crap. I don't have the time, energy or interest to deal with people I do know sending me crap I don't want, and more importantly Facebook's flexible definition of privacy and customer service. I had Facebook change my settings away from their desired state more than once as part of a "policy" or "feature" update.

So I guess the meta discussion is about whether you trust the holder of the trust. LOL.

It only takes one break in the chain to compromise the entire web of trust. With such wide-spread connections across the planet these days, the chance of someone you trust three times removed accidentally breaking that chain is quite real.
Let's say you see some spam. You could have the software tell you which part of the web has made the spam trusted, and then you could manually mark that part of the web as untrusted. If there are only a few breaks in the chain like that, it'd be a workable solution.
There are trust metrics for web-of-trust systems that are resistant to attackers who can create unlimited dummy identities that trust each other. For example:

http://www.advogato.org/trust-metric.html
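
An added example, not part of the thread and not Advogato's code: a simplified flow-based trust metric of the kind that page describes, contrasted with plain reachability, to show why a cluster of dummy identities vouching for each other gains little. The capacity schedule `(8, 3, 1)`, the names, and the certification graph are constructed assumptions.

```python
from collections import deque, defaultdict

INF = 10**9
SRC, SINK = "SRC", "SINK"

def distances(certs, seed):
    """BFS hop count from the seed; on its own this is the naive 'reachable = trusted' rule."""
    dist, q = {seed: 0}, deque([seed])
    while q:
        u = q.popleft()
        for v in certs.get(u, ()):
            if v not in dist:
                dist[v] = dist[u] + 1
                q.append(v)
    return dist

def accepted(certs, seed, caps=(8, 3, 1)):
    """Identities accepted by a simplified flow-based metric; capacity shrinks with distance."""
    dist = distances(certs, seed)
    cap = defaultdict(lambda: defaultdict(int))
    for u, d in dist.items():
        c = caps[min(d, len(caps) - 1)]
        cap[("in", u)][SINK] = 1                # one unit of flow accepts u itself
        cap[("in", u)][("out", u)] = c - 1      # the remainder is all u can pass on
        for v in certs.get(u, ()):
            cap[("out", u)][("in", v)] = INF    # certifications are free; nodes are the bottleneck
    cap[SRC][("in", seed)] = caps[0]
    while True:                                 # Edmonds-Karp: augment along shortest paths
        parent, q = {SRC: None}, deque([SRC])
        while q and SINK not in parent:
            u = q.popleft()
            for v, c in cap[u].items():
                if c > 0 and v not in parent:
                    parent[v] = u
                    q.append(v)
        if SINK not in parent:
            break
        path, v = [], SINK
        while parent[v] is not None:
            path.append((parent[v], v))
            v = parent[v]
        push = min(cap[a][b] for a, b in path)
        for a, b in path:
            cap[a][b] -= push
            cap[b][a] += push                   # residual edge so later paths can reroute flow
    return {u for u in dist if cap[("in", u)][SINK] == 0}

# Constructed sample graph: bob mistakenly certifies s0, which fronts 50 dummy
# identities that all certify one another.
SYBILS = [f"s{i}" for i in range(50)]
CERTS = {"me": ["alice", "bob"], "alice": ["carol"], "bob": ["dave", "s0"]}
CERTS.update({s: [t for t in SYBILS if t != s] for s in SYBILS})
```

Reachability alone admits all 50 dummy identities; the flow metric admits at most as many as the mistaken certifier's spare capacity allows, however many certificates the cluster issues to itself.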

It depends on how things are implemented. WoT isn't implicitly just a vote based system. If it's actually a web then there is a requirement of a trust connection (or route) between you and the content, and that's much harder to game.
That's a nice theory, but has it been demonstrated to work in any real systems? Is it known to be a workable solution at the scale of Usenet/Reddit?
That's a very high bar to set :)

No it hasn't been validated for that use case for that large a system. Some examples where it has been used: PGP uses web of trust to validate keys. Freenet boards used web of trust to successfully stave off spam attack. They are a lot smaller than reddit of course.

It's not clear that the PGP web of trust will survive well under an attack, at least in terms of most users not being fooled.

Someone made a fake PGP for me several years ago, and many people have chosen that over my genuine key when e-mailing me, just because the fake key is newer, even though my genuine key has lots of signatures and the fake key has none at all. (It was probably Enigmail helping them make the choice rather than a clearly informed decision.)

Meanwhile, there is already a complete clone of the strong set with colliding key IDs. That is, people have spent the computing time needed to make a fake version of every single public key, with the same name and key ID and signatures as the real one, just with a different fingerprint. (There's one at https://evil32.com/, but I think at least one other group has done the same thing!)

If someone uploaded those to the keyservers, there would be a fake copy of each PGP public key with the same key ID and the same signature structure (of course signed by other fake keys rather than by other real keys). At that point you would always have a 50% chance of getting a fake key every time you tried to use PGP to contact a new person, unless you consciously manually used an out-of-band fingerprint verification mechanism to bootstrap your selection of what key to use. You would never be safe in just guessing because you "found a key out there" for someone and it "looked right" and "had a bunch of signatures"!

I'm willing to be more charitable toward the web of trust than someone like Moxie is -- I think more users could be taught to be more cautious, and software could help automate key exchange better -- but my own experiences with having a fake key out there in my name don't make me very optimistic about the way the web of trust is being used today. It's also sad to ponder, as Moxie has, that it seems PGP isn't even being used widely enough to make it worthwhile for attackers to try to DoS the web of trust, let alone to try to trick people into using the wrong keys on a large scale. (That is, PGP hasn't even reached Gandhi's "then they fight you" stage in the mass market.) This isn't to deny that PGP has provided major communications security benefits to smaller communities and groups that have consciously adopted it and use it carefully.

What about something like mercbay.com?

While spam would still be a problem, requiring a negligible payment would greatly reduce the ability of spammers to flood forums with posts.

Have you checked out Freenet recently? There are a few plugins for message boards, mail, and following feeds.

It's highly decentralized, censorship resistant, and can be very anonymous.

Thank you for posting this!
> (By the way, I would bet these people were using Tor and this subpoena is useless.)

Based on how poor the opsec of previous darknet admins has been, I see no reason to assume theirs was any better.

You can't register via Tor on HN. I wonder if you can do that on reddit. Then there's always the email account thing, but if you were careful from day one, you could get away with it.

Hosting AMAs is both stupid and provocative IMHO when you're a drug dealer.

> Hosting AMAs is both stupid and provocative IMHO when you're a drug dealer.

Unless your endgame, as would seem entirely reasonable as a logical illicit dealer, is pump sales and dump the entire business as quickly as possible.

In which case the additional attention and growth might offset the additional risk over short time horizons.

Reddit doesn't require an email address to create an account.
"but I am worried that the government has such an easy avenue to get this information"

This is a public forum. Hell, one of the users even VOLUNTEERED himself to be interviewed by the users of one of the most popular websites in the world under the topic of what amounts to "I run or help run a drug smuggling/selling marketplace".

What reasonable expectation should this user have to privacy? You can't do all these things in public and then say "well, the government shouldn't be able to look at me for it" - I'd think what he did met the very definition of probable cause.

Yes, and the parent was arguing that the internet should have communication systems whereby people can speak in public without the government being able to look at them for it.
Things aren't special "because ... Internet!". If something is done in public, it's done in public. If you'd face consequences for it on the street, why shouldn't you online? I can't see any particular level of logic than "we should be able to get away with shit online".

Note, for emphasis, that this is entirely an aside to the subject of legalization, as I'm actually much more pro-legalization than anything else.

The Federalist Papers were published pseudonymously in 1787. I don't think people are asking for special privileges for the Internet.
Just to correct the downthread derail, I'm guessing you were confusing this with Common Sense, Thomas Paine's anonymously published 1776 pamphlet calling for rebellion against Britain.
Were the Federalist Papers advocating/admitting to illegal activity?
Yes? Here are a number of essays that lay out the issues with the current government and ways to make a better government written by a number of influential U.S. figures during the war that led to the U.S. independence from Britain.

You think the British weren't concerned at all about who was writing this propaganda and weren't willing to violate the "rights" of their colonists... because I think the authors were quite concerned.

i agree. recently i desired to create an online community for a small game that probably wouldn't have many users or posts.

subreddits are fantastic for that type of thing, and i like the ease of use and PRAW, however, handing over all of the community's data to conde nast isn't something i'm interested in.

what i'd like is a tool with which to create online communities, which would consist of a message board with upvotes/downvotes, user profiles, and perhaps a small chat system, with good mobile integration. as you said, it should be decentralized. it should also be as secure as possible without requiring non-standard software like TOR.

Reddit is no longer owned by Conde Nast. It was moved to the same parent company that owns Conde Nast and then spun off.

http://www.redditblog.com/2013/08/reddit-myth-busters_6.html

you're right, i stand corrected. i should have said that i don't want to host my community with a single, likely profiteering entity.
Advance Publications is still their largest shareholder and one of three board seats belongs to the president of Condé Nast. I'm not sure how independent one could call them under these circumstances.
dolphins and porpoises.
> *what i'd like is a tool with which to create online communities*

vBulletin has support for all of this, as does WordPress, and probably a hundred other pieces of software.

The downside, as always, is that you become a sysadmin and moderator and hacker and on-call technician.

right, perhaps i could use vbulletin or wordpress with another piece of software handling the decentralization and encryption parts, i didn't think that was built in, though.
I'm amused that this pops up two scary security warnings in Chrome, presumably due to the fact that it's a self-signed cert and is using what Chrome says is outdated crypto.
Yes, it's a self-signed cert. But hey, can we really trust cert authorities? Other than that, SSL Labs gives it an A rating <https://www.ssllabs.com/ssltest/analyze.html?d=wilderssecuri.... I wouldn't know about Chrome. Don't trust it ;)
interesting, hadn't heard of virtually all of these, thanks ;-)
If you're interested in decentralized applications, you need to be paying attention to Ethereum, Whisper, Swarm, and IPFS. The building blocks for what you're describing are being built. It will happen.
Let me throw tent.io into the mix: https://tent.io/
Of the four projects I listed, only Swarm and IPFS overlap in functionality.

Ethereum is a decentralized, consensus-driven data store and execution environment.

Whisper is a decentralized messaging protocol, which you'd use for data that doesn't require consensus. Consensus is expensive and relatively slow, but communication between parties doesn't require it.

Swarm and IPFS are content-addressable, decentralized file transfer systems. You'd use one of these to store the HTML, CSS and JavaScript that implement an application on top of the other decentralized systems. Or just to store arbitrary static files.

It's hard to shut down a system that lives on thousands of computers and can be accessed by typing the name of the site into a web browser. That's the experience that's motivating people to build these systems, and they're going to change the way the world works.

Implementations are not standards.
It's a good idea but spammers and trolls ruin everything. It's the reason why many places are tightening down on Tor users.
I'm not sure that usenet 2.0 is even possible, just merely due to scale, although it would be nice if it did.

I was very active on usenet back in the early to mid 1990s and I would say that it was an enormously valuable experience. I interacted with a lot of smart people, I got to explore a lot of exciting areas of interest, and I spent a lot of time improving my writing abilities. It makes me sad to think that there are lots of people who will never benefit from that experience. At their best HN and parts of reddit can be excellent, but there's still a lot that they're missing.

USENET 2.0 could be set up so only headers are transferred. Then third party groups could publish moderation whitelists for the USENET provider to subscribe to. If a moderated whitelist approves some content, then the server would download it via DHT so it's locally available. If a user requests something in a header that hasn't been filled yet because it's not moderated by an approved whitelist, it would download it and then serve it to the user.

This would make it so content that's purely spam wouldn't be pulled to all the USENET servers. If a moderation provider started vouching for a lot of spam, it would quickly be removed by providers.

Usenet 3; Usenet 2 has already been done.
http://getaether.net is "reddit without servers" a "community moderated, distributed, and anonymous" tool great for the great repression.
Take a look at ipfs: http://ipfs.io/

This is pretty close to being what you describe, in that it will function as a transport layer - now all that is needed is a standardized protocol for how to put information onto it that can be easily found.

Someone actually started an "anonymous Reddit" app about two years ago. But the sole developer was then hired by Google, I think. I don't remember the name of the app, but it was kind of alpha mode and pretty slow.
The way one of them vaporized their reddit presence (from what I could tell from a few minutes looking at the time), they didn't feel very safe about the information they may have leaked.
Usenet 2.0 is Facebook :-)